METHOD AND SYSTEM OF MANAGING TRAFFIC
IN A FIRST SET OF NODES OF A COMPUTER NETWORK 



BACKGROUND 

[0001] A Virtual Local Area Network (VLAN) is a grouped set of network
elements, or nodes. Messages can, for example, be broadcast to all of the nodes
within the VLAN using a VLAN address. Messages can also be transmitted
between VLANs. Transmitting data between multiple VLANs can involve using a
router at the edge of each VLAN. For example, to transmit a message to a
computer node outside a given VLAN, the message is sent to a router on an edge
of the given VLAN, wherein the router uses, for example, a layer 3 networking
protocol. If a large amount of data is sent between the VLANs, a large amount of
traffic may be sent through the router, which can slow the network traffic.

SUMMARY 

[0002] A method of managing traffic in a first set of nodes of a computer
network is disclosed. In accordance with exemplary embodiments, the network
includes a first set of nodes and a second set of nodes. The method includes
determining a source associated with an amount of network traffic over the first set
of nodes which exceeds a threshold, the source being outside a group of network
elements assigned to the first set of nodes. An indication of the source can be
automatically displayed in response to determining the source.

[0003] Exemplary embodiments are also directed to a management
computer for managing traffic in a first set of nodes of a computer network having
first and second sets of nodes. The management computer includes a display
and a processor. The processor is configured to determine a source associated
with an amount of network traffic over the first set of nodes that exceeds a
threshold, the source being outside a group of network elements assigned to the
first set of nodes. The processor is configured to automatically send to the display
an indication of the source in response to determining the source.

[0004] Exemplary embodiments are also directed to a system for managing
traffic in a first set of nodes of a computer network having first and second sets of
nodes. The system comprises a first set of nodes and a management computer.
The management computer is configured to determine a source associated with
an amount of network traffic over the first set of nodes that exceeds a threshold,
the source being outside a group of network elements assigned to the first set of
nodes. The management computer is configured to automatically display an
indication of the source in response to determining the source.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0005] The accompanying drawings provide visual representations which
will be used to more fully describe the representative embodiments disclosed
herein and can be used by those skilled in the art to better understand them and
their inherent advantages. In these drawings, like reference numerals identify
corresponding elements and:

[0006] Figure 1 is a flow chart illustrating an exemplary method for
managing a computer network having first and second sets of nodes.

[0007] Figure 2 is a diagram that illustrates an exemplary management
computer and a system for managing a computer network.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS 

[0008] Figure 1 is a flow chart illustrating an exemplary method for
managing traffic in a first set of nodes of a computer network having first and
second sets of nodes. The first set of nodes can be any designated group of one
or more nodes and can, for example, be designated a first VLAN. The second set
of nodes can be any designated group of one or more nodes and can, for
example, be designated as a second VLAN. The method can be implemented on
a computer, wherein a computer readable medium can contain a program for
performing the method.

[0009] In block 102, a source associated with an amount of traffic over a
first VLAN which exceeds a threshold is determined. This source can, for
example, be outside a group of network elements assigned to the first VLAN.

[00010] The amount of network traffic over the first VLAN can be determined
by examining the traffic of a switching element or probe associated with the first
VLAN, or by any other suitable method. The threshold can be the level of traffic
sufficient for the source to be considered what is referred to herein as a
"top talker source". This threshold can be a percentage of the total traffic over the
VLAN, a fixed level of data traffic, or any other desired threshold.

[00011] In an exemplary embodiment, a top talker source (or top talker
sources) which satisfies a specified characteristic is determined and identified as
the source (or sources) of traffic which exceeds a given threshold. Each top talker
source can be examined to determine any top talker source which does not
belong to the first VLAN.

[00012] Traffic data can, for example, be obtained and monitored in the first
VLAN using a network management protocol. This traffic data can be used to
identify the source associated with traffic over the first and/or second VLAN. In
one embodiment, the traffic data is obtained using a remote monitoring (RMON)
protocol. The traffic data can be obtained from a switching element in the first
VLAN, from a probe or in any other suitable manner. In an exemplary
embodiment, the top talker sources of traffic on the first VLAN can be determined
using an RMON protocol, and the following exemplary pseudocode:

    For each VLAN
        Determine top talker sources over tested VLAN
        For each top talker source
            Determine VLAN of top talker source
            If VLAN of the top talker source is not the tested VLAN
                Produce alert
            Else

[00013] In block 104, an indication of each top talker source is automatically
displayed in response to determining the source. A management computer can
display an identifier of each such source, and can indicate the level of network
traffic associated with each source.

[00014] In an exemplary embodiment, the identifier can be an indication of a
user name associated with the source. For example, if the source is associated
with the user name, "Frank", the display can indicate that "Frank" (being in VLAN
2) is the source of excessive traffic within VLAN 1. An alert concerning the source
can also be produced and displayed. The alert can include information
concerning the amount of traffic from the source over its own VLAN; this
information can be useful in a network manager's decision to reassign the source
to a different VLAN. The alert can include an indication of the top talker sources
from other VLANs and an indication of the level of traffic over the VLANs due to
those sources. The alert can also include the identifier (e.g., user name)
associated with the top talker source or sources.

[00015] The determination of a source assigned to VLAN 2 which causes
excessive traffic in VLAN 1 can be used to initiate a reassignment of the source to
the VLAN 1. A network manager can manually or remotely reassign a top talker
source to a different VLAN 1. In the previous example, by reassigning the source
to the VLAN 1, the amount of cross-VLAN traffic in the computer network is
reduced and the efficiency of the network can be improved. In an exemplary
embodiment, upon determination of the source, the system can automatically
reassign the source to the first VLAN and produce an indication to the network
manager of the reassignment.

[00016] In an exemplary embodiment, the top talker sources are determined
for each VLAN within the computer network. For each VLAN, a switching
element, or probe associated with an RMON agent can be queried to determine
the top talker sources. More than one location may need to be checked when
determining the top talker sources of each VLAN. For each source, a VLAN ID is
determined. For example, a stored association between a source address and a
VLAN ID can be examined to determine the VLAN ID. If the VLAN ID of the top
talker source is not the same as the VLAN ID of the tested VLAN, an alert can be
produced to indicate that the source is from another VLAN.

[00017] The following pseudocode includes a task which can be executed to
ensure that network utilization of a top talker source is above a minimum value
before producing an alert:

    For each VLAN
        Determine top talker sources over tested VLAN
        For each top talker source
            Determine percentage tested VLAN network utilization
            If percentage network utilization > minimum value
                Determine VLAN of top talker source
                If VLAN of top talker source is not tested VLAN
                    Produce alert
                Else
            Else

[00018] Figure 2 is a diagram illustrating an exemplary management
computer and system. Traffic within a first VLAN 208, such as the traffic between
nodes 234 and 236, can be sent over network 238 without going through an edge
router. However, in the Figure 2 example, traffic from node 224 of a second VLAN
226 cannot connect to node 234 of VLAN 208 directly through switch 214, but
rather is sent via the router 232. The router can use, for example, a layer 3
protocol to route the traffic to the node 234 of the first VLAN 208. Heavy use of
the router 232 can slow the overall network.

[00019] An exemplary management computer 202 is provided which
includes a display 204 and a processor 206. The processor is configured to
determine a source associated with the amount of network traffic over the first
VLAN 208 that exceeds a threshold. This source can be outside a group of
network elements assigned to the first VLAN. The processor is configured to
automatically send to the display an indication of the source in response to
determining the source.

[00020] In the Figure 2 example, the processor 206 can include high cross
VLAN traffic source determining software 210 that identifies any sources of traffic
which are associated with a given threshold of traffic on the first VLAN. The
software can determine, for example, that a relatively high amount of traffic on the
first VLAN 208 is due to a source from the second VLAN 226.

[00021] The software 210 interfaces with RMON network software 212. The
RMON network software 212 can produce a list of the top talker sources on a
switching element or probe at the first VLAN 208. For example, the RMON agent
216 at the switch 214 can monitor an interface "1" of switch 214. The RMON
agent 216 can maintain a Management Information Block (MIB) to track the
source ID of the top talker sources which communicate across this interface. Top
talker data 218 obtained from the RMON agent 216 at the switch 214 can be
stored in a memory 220 of the management computer 202. For example, the
source ID and data packet size of information associated with each data packet
that passes through interface 1 can be examined and used to increment a value in
the memory 220 which keeps track of the amount of data sent through this
interface by each source. In this example, the top talker data 218 indicates the
top talker sources for the interface "1" of the switch 214. This exemplary top talker
data can also be processed using the RMON network software 212 to identify the
amount of traffic, and the percentage of overall traffic across the interface 1
attributable to each identified top talker source.

[00022] The VLAN source determining software 210 can check the top talker
data 218 to determine which of the top talker sources are not from the first VLAN
208. In Figure 2, an exemplary VLAN ID table 222 stored in the memory 220 is
consulted. The VLAN ID table correlates the addresses of each source in the
network to a particular VLAN ID. Optionally, a user name and/or any other
desired information can be associated with each source.

[00023] In an exemplary embodiment, the VLAN ID table 222 can be
produced by any suitable network management software 230 used for discovering
nodes of a network. An example of network management software is the Network
Node Manager (NNM) of Hewlett-Packard's OpenView product. The network
management software 230 can include software for discovering and displaying the
different nodes within the computer network 200, as well as indicating which
VLANs the various nodes are associated with, and the user names associated
with each node address.

[00024] In an exemplary operation, where the node 224 (node C) in the
second VLAN 226 is a top talker source on the first VLAN 208, an alert can be
produced for the display 204 by the software 210. The threshold used to identify
node 224 as a top talker source can be any desired threshold. For example, it
may be desired to have the total percentage of traffic due to sources which are
external to the VLAN be maintained below a certain threshold level. The network
manager can establish that the traffic within the first VLAN be maintained at 80%
of the total traffic handled by that VLAN, with traffic from outside of the VLAN
being limited to 20% or less. The alert 228 produced at the display 204 can
indicate when the level of traffic handled by the first VLAN 208 from sources
outside the VLAN 208 is approaching and/or is above this 20% value. The alert
228 can include an indication of the user name, the address, and the level of
traffic originated by each external source into the VLAN 208. All such external
sources can be identified. Alternatively, only those sources which are responsible
for sourcing an amount of traffic above a given threshold over a predetermined
amount of time or specified interval can be identified.
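
The check in the pseudocode of paragraphs [00012] and [00017], combined with the 20% external-traffic limit of paragraph [00024], written out as an added Python example that is not part of the original document. The function name, the sample addresses, octet counts, user names other than "Frank", the 5% minimum, computing utilization against the sum of the listed octets, and treating an address missing from the VLAN ID table as external are all assumptions of this example.

```python
# Constructed stand-in for the VLAN ID table 222: address -> (VLAN ID, user).
VLAN_TABLE = {
    "00:00:5e:00:53:0a": (1, "alice"),
    "00:00:5e:00:53:0b": (1, "bob"),
    "00:00:5e:00:53:0c": (2, "Frank"),
    "00:00:5e:00:53:0d": (2, "dana"),
}
# Constructed top talker data per tested VLAN: (source address, octets seen).
TOP_TALKERS = {
    1: [("00:00:5e:00:53:0a", 500_000), ("00:00:5e:00:53:0c", 300_000),
        ("00:00:5e:00:53:0b", 150_000), ("00:00:5e:00:53:0d", 30_000),
        ("00:00:5e:00:53:ff", 20_000)],  # last address is not in the table
    2: [("00:00:5e:00:53:0d", 900_000), ("00:00:5e:00:53:0c", 100_000)],
}

def cross_vlan_alerts(top_talkers, vlan_table, min_pct=5.0, external_cap_pct=20.0):
    """Return (per-source alerts, {VLAN: external share above the cap})."""
    alerts, over_cap = [], {}
    for tested_vlan, talkers in top_talkers.items():
        total = sum(octets for _, octets in talkers)
        if total == 0:
            continue  # idle VLAN: no utilization to compare against
        external = 0
        for addr, octets in talkers:
            # Unknown addresses are counted as external (assumption).
            src_vlan, user = vlan_table.get(addr, (None, "unknown"))
            if src_vlan == tested_vlan:
                continue  # source belongs to the tested VLAN: no alert
            external += octets
            pct = 100.0 * octets / total
            if pct > min_pct:  # minimum-utilization gate from [00017]
                alerts.append({"tested_vlan": tested_vlan, "source": addr,
                               "source_vlan": src_vlan, "user": user,
                               "pct": round(pct, 1)})
        ext_pct = round(100.0 * external / total, 1)
        if ext_pct > external_cap_pct:  # aggregate limit from [00024]
            over_cap[tested_vlan] = ext_pct
    return alerts, over_cap

if __name__ == "__main__":
    found, capped = cross_vlan_alerts(TOP_TALKERS, VLAN_TABLE)
    for alert in found:
        print(alert)
    print("external share above cap:", capped)
```

Small external sources fall below the per-source minimum yet still count toward the aggregate share, so a VLAN can exceed the 20% limit with only one source named in an alert.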

[00025] The presently disclosed embodiments are considered in all respects
to be illustrative and not restrictive. The scope is indicated by the appended
claims, rather than the foregoing description, and all changes that come within the
meaning and range of equivalence thereof are intended to be embraced.



